Friday, July 24, 2020

INFO: The Civyanquark Inspector

Does anybody recall when I posted the link to my brand new GitHub page along with my PowerShell local admin scanner, Coerchck? Whether you do or do not, I've got some news for you.

I have deprecated Coerchck, along with its sibling script, Inritver (for checking BitLocker status on target systems). However, this does not mean their functionality has vanished. Instead, I finally got around to doing something I've been intending to do for quite some time, and would have done, were it not for CEH/CISSP studies taking up my time (along with other pursuits).

Some of the work I do involves me and/or my team walking into completely unknown environments. We have very limited time to gather as much data as we can to take back with us for risk analysis. I wanted to make that task as easy as possible and combine as many data-gathering tasks in zero-foothold environments as I could. I already had the target selection and looping logic from Coerchck. I used it to quickly spin up Inritver shortly thereafter. Still, this felt heavy-handed, both as far as total number of script lines and number of separate, non-concurrent tasks required were concerned. I wanted it to be faster, easier, and lighter.

Thus was born The Civyanquark Inspector. I took the target logic from Coerchck, but removed the admin account lookup and reporting parts. Instead, I turned Coerchck into a small PowerShell module. I did the same with Inritver. In fact, once I got everything working, I confirmed what I had hoped from the outset: pumping out new modules took less than an hour now!

And that is just the beginning. I've been gathering PowerShell/WMI snippets for over a year now, and I intend to add a ton of modules to the lineup. On that note, here are... well, some notes!

By default, The Civyanquark Inspector will run all modules against the provided targets. It is also possible to specify a single module instead. I wanted to keep that original lightweightedness in the new tool, especially as the list of modules grows.

This is by no means a finished or polished product. There are aesthetic, error-handling, and quality-of-life updates that need to happen. I intend to add those parallel to adding new modules.

That's it for now. Check out the GitHub repository for updates, and hit me up on Twitter if you have suggestions for improvements or additional modules.

Thanks for sticking around to see this new thing finally come to fruition!
